When you see the results of a major hacking campaign on the news, you might tend to sympathize with the victim. While most hacks target individuals or high-profile businesses, hackers have, for the first time, intentionally targeted each other. The attack in question occurred between Naikon, a cyberespionage group, and another group called Hellsing.
While the attack might look like simple revenge on the surface, Kaspersky Labs seems to think it’s the start of a new cybercrime trend in which hackers explicitly target each other. These are being called advanced persistent threat (APT) wars, where two major threats exchange blows over the possession of certain information.
The attack which launched these suspicions occurred on April 15th 2015, when Naikon launched a spear-phishing attack against Hellsing. As the smaller threat, Hellsing boldly responded to the attack with their own brand of malware. Once again, Naikon responded by masquerading as a foreign government official. This game of cat and mouse continued for some time, until Hellsing sent a password-protected message containing a special backdoor specifically made to target Naikon.
Commenting on the behavior of these two entities, Costin Daiu, Director of the Global Research and Analyst Team of Kaspersky Labs, reports:
The targeting of the Naikon group by Hellsing, in some sort of a vengeful vampire-hunting -- "Empire Strikes Back" style, is fascinating. In the past, we've seen APT groups accidentally hitting each other while stealing address books from victims and then mass-mailing everyone on each of these lists. However, considering the targeting and origin of the attack, it seems more likely that this is an example of a deliberate APT-on-APT attack.
The nature of the attack was likely in the interest of stealing information, which is the primary objective of most advanced persistent threats. The way these two threats fire off assaults is interesting, and the attacks they use are unsurprisingly sophisticated; almost as if they’re simply trying to outsmart the other. As always, the primary goal is to leverage each other to obtain higher profits.
This might suggest that hackers will eliminate themselves if we leave them alone long enough, but we highly doubt that. So long as there is information to steal, hackers will continue to find ways to take it. As a business owner, you should always remain aware of how much danger an advanced persistent threat holds for your business. In this case, you want to avoid getting caught in between two of these hackers at all costs. Always keep your machines in peak condition, and never forget to apply the latest patches and updates to your IT infrastructure.
